Vendor Risk Management / IT Security Analyst

Training, RFI, Evaluation, Education, ISO/IEC 27001:2005, Collaboration, Problem solving, IT audit, Presentations, Vendor relationships, Request for proposal, Troubleshooting, SAP GRC, Cloud, Security controls, Health care, Privacy, PCI DSS, Procurement, Operational efficiency, NIST, Information security, HIPAA, Process improvement, Risk assessment, Purchasing, IT, Data centers, Communication skills, Insurance, Research, Security, Compliance
Full Time
Depends on Experience
Work from home not available Travel not required

Job Description

*Please note, this position is not eligible for H-1B or Those authorized to work in the United States without sponsorship are encouraged to apply. sponsorship.

At the University of Minnesota, we are dedicated to changing lives through education, research, and outreach. The University Information Security department (UIS) offers an environment of trust, collaboration, and mission-focused work. We seek an individual who will be responsible for performing and expanding information security reviews of third parties that collect, manage or access University data, during initial procurement and periodically throughout the contract lifecycle. This individual will also be responsible for ensuring that issues identified through vendor reviews are resolved and that agreed-upon controls remain in place. 


We Offer:

  • University paid contribution (10% of your salary) to your retirement account - vested immediately.
  • 22 paid vacation days per year, in addition to sick leave and 11 paid holidays.
  • Reduced tuition opportunities covering 75% - 100% of eligible tuition.
  • Excellent and affordable health care benefits.
  • Wellness program with the opportunity to earn lower health care rates.
  • Free disability insurance.
  • Annual merit increase program.


Job Responsibilities:

  • Conduct security reviews of third parties through defined processes and tools, identifying risks where controls don’t measure up to University information security requirements.
  • Drive remediation of risks related to completed third party security reviews. 
  • Facilitate the vendor management process by working with other information security staff to evaluate vendor risks, coordinating communication with the risk owner and vendor, and ensuring proper approval of risk exceptions if necessary.
  • Participate in RFP/RFI process.
  • Develop vendor assessment and tracking processes and procedures using the University GRC tool.
  • Escalate security issues where appropriate.
  • Collaborate with the vendor relationship owner, privacy office, purchasing, and general counsel office during the evaluation of potential vendors and during contract renewal for existing vendors.
  • Ensure review processes are properly defined and formally documented for consistent execution.
  • Identify opportunities for process improvements to deliver increased operational efficiency.
  • Maintain strong knowledge of security-related regulations and standards (e.g. HIPAA, PCI DSS, and NIST) and security control structures (e.g. ISO 27001/27002).


*Please document qualifications on resume

Required Qualifications:

  • Bachelor’s degree and 2 years of relevant work experience or a comparable combination of education, training, and experience.
  • Strong analytical and problem-solving skills.
  • Demonstrated experience in one or more of the following:
    • Regulatory compliance
    • Information security risk assessment
    • Third-party vendor review 
    • Information technology audit
  • Knowledge of diverse IT architectures and enterprise IT data centers, external hosted services, and cloud computing environments.
  • Excellent communication (oral, written, presentation), interpersonal, and consultative skills.


The University of Minnesota is an Equal Opportunity Educator and Employer.

Posted By

Prince Saah

1300 S 2nd St Ste 600 Minneapolis, MN, 55454

Dice Id : RTL90967
Position Id : 335037
Originally Posted : 1 month ago
Have a Job? Post it